Scopes

Fine-grained permission control using scopes.

Scope Format

Use the action:resource pattern:

scopes = [
    "read:users",
    "write:posts",  
    "delete:comments",
    "admin:workspace"
]

Wildcard Scopes

"read:*"      # Read all resources
"*:posts"     # All actions on posts
"admin:*"     # Admin access to all

Checking Scopes

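from fastapi import Depends, FastAPI, HTTPException

# UserData and authenticator are assumed to be defined by your
# authentication setup (not shown on this page).
app = FastAPI()

def require_scope(scope: str):
    """Build a dependency that rejects callers who lack `scope`."""
    def checker(user: UserData = Depends(authenticator)):
        # If user.scopes is a plain list of strings, this is an exact match:
        # a granted "delete:*" would not satisfy a required "delete:posts".
        if scope not in user.scopes:
            raise HTTPException(status_code=403)
        return user
    return checker

@app.delete("/posts/{id}")
def delete_post(user: UserData = Depends(require_scope("delete:posts"))):
    pass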
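
A wildcard-aware matcher for the scope format and wildcard scopes described above, which could replace the `in` test inside `checker`. This is an added example, not code from the library this page documents: `parse_scope`, `scope_grants`, `has_scope`, `demo` and the sample users are hypothetical names, and it assumes `user.scopes` is a plain list of strings. Wildcards are matched per segment only, so `admin:*` covers `admin:<resource>` and nothing else.

```python
from typing import Iterable, Optional, Tuple

WILDCARD = "*"


def parse_scope(scope: str) -> Optional[Tuple[str, str]]:
    """Split 'action:resource'; return None for anything malformed."""
    parts = scope.split(":")
    if len(parts) != 2 or not all(parts):
        return None
    return parts[0], parts[1]


def scope_grants(granted: str, required: str) -> bool:
    """True if one granted scope (which may use '*') covers the required scope."""
    g, r = parse_scope(granted), parse_scope(required)
    if g is None or r is None:
        return False  # fail closed: a malformed scope never grants access
    # Each segment must be equal, or the granted segment must be the wildcard.
    return all(gs == WILDCARD or gs == rs for gs, rs in zip(g, r))


def has_scope(user_scopes: Iterable[str], required: str) -> bool:
    """True if any scope held by the user covers the required scope."""
    return any(scope_grants(s, required) for s in user_scopes)


# Constructed sample data (assumption: scopes are stored as plain strings).
SAMPLE_USERS = {
    "editor": ["read:*", "write:posts"],
    "moderator": ["*:posts", "delete:comments"],
    "exact": ["delete:posts"],
    "workspace_admin": ["admin:*"],
    "malformed": ["delete", "*", "delete:posts:extra", ":posts"],
}


def demo(required: str = "delete:posts") -> dict:
    """Evaluate every sample user against one required scope."""
    return {name: has_scope(s, required) for name, s in SAMPLE_USERS.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:16} delete:posts -> {'allow' if allowed else 'deny (403)'}")
```

Whether an `admin` action should imply other actions is a policy decision this page does not specify; the matcher above deliberately does not assume it.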